Episodes
-
In this podcast episode, learn about confidential computing and data privacy in the context of AWS services. The hosts - Shai, Anton, and Arindam, who are AWS Solution Architects, provide insights into AWS's security technologies and operational practices that exceed customer standards for confidential computing and data privacy.
The podcast delves into the Nitro system and its protection categories for confidential computing, as well as AWS Nitro Enclaves - a feature that provides isolation for sensitive data and applications. The hosts discuss the many use cases of Nitro enclaves, including cryptographic attestation capabilities, and explore how it can be used in various blockchain use cases, containerization, and Kubernetes. Additionally, the podcast provides resources for listeners to learn more about Nitro enclaves.
Throughout the episode, the hosts emphasize the importance of keeping customers' workloads secure and confidential. They provide insights into how confidential computing can be used in blockchain networks and modern advanced enterprise architectures.
Overall, the podcast provides a comprehensive understanding of confidential computing and how it can be implemented for enhanced security. It's a valuable resource for those interested in AWS services and data privacy.
Key Moments:
[00:02:30] Confidential computing explained.
[00:05:13] AWS Nitro system.
[00:10:36] Cryptographic attestation.
[00:13:39] Nitro Enclave's use cases.
[00:18:11] Cryptographic attestation capabilities.
[00:21:11] Bridging multiple blockchain chains.
[00:26:41] Nitro enclaves workshop.
Links:
Workshop: https://nitro-enclaves.workshop.aws/en/ (also available in Japanese)
Workshop (“one module if you only have 30 min”): https://nitro-enclaves.workshop.aws/en/my-first-enclave/cryptographic-attestation.html
Docs https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
Blogs:
Confidential computing: an AWS perspective: https://aws.amazon.com/blogs/security/confidential-computing-an-aws-perspective/
Announcement Nitro Enclave: https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/
Nitro Enclaves + windows: https://aws.amazon.com/blogs/compute/getting-started-with-aws-nitro-enclaves-on-microsoft-windows/
Nitro Enclaves + Blockchain
Part 1: https://aws.amazon.com/blogs/database/part-1-aws-nitro-enclaves-for-secure-blockchain-key-management/
Part 2: https://aws.amazon.com/blogs/database/part-2-aws-nitro-enclaves-for-secure-blockchain-key-management/
Part 3: https://aws.amazon.com/blogs/database/part-3-aws-nitro-enclaves-for-secure-blockchain-key-management/
GitHub Samples:
https://github.com/aws/aws-nitro-enclaves-cli
https://github.com/aws/aws-nitro-enclaves-sdk-c
https://github.com/aws/aws-nitro-enclaves-acm
https://github.com/aws-samples/aws-nitro-enclaves-certificate-manager-sample
EKS + Nitro Enclaves
https://github.com/aws/aws-nitro-enclaves-k8s-device-plugin
https://github.com/aws/aws-nitro-enclaves-with-k8s
https://docs.aws.amazon.com/enclaves/latest/user/kubernetes.html
Video:
Confidential computing with AWS compute - https://www.youtube.com/watch?v=pyRBOHYgHc0 -
In this episode of AWS Techchat, we talk briefly about container basics, difference between VMs and containers, and how customers are leveraging containers to modernize their legacy workloads. We look at different orchestration options for building modern applications and talk about various AWS tools that could be used. We cover use cases for automated infrastructure provisioning and integrating with Continuous Integration and Continuous Deployment. We cover Karpenter from autoscaling perspective and few new feature releases in containers space and Amazon Elastic Kubernetes Service (Amazon EKS) Anywhere support on bare metal and also discuss security best practices at high level.
Resources:
• Hands On workshop for Amazon EKS - ecsworkshop.com/
• Live streams and videos featuring AWS Container Services and demos - www.youtube.com/c/ContainersfromtheCouch/featured
• Amazon EKS Best Practices Guide - aws.github.io/aws-eks-best-practices/
• Architecting Amazon EKS workload for PCI DSS compliance white-paper -d1.awsstatic.com/whitepapers/arch…s-compliance.pdf
• Architecting Amazon EKS workload for HIPAA compliance white-paper - docs.aws.amazon.com/whitepapers/lat…amazon-eks.html
• Amazon EKS Blueprints Quick Start *-*aws-quickstart.github.io/cdk-eks-blueprints/
• Karpenenter Documentation - karpenter.sh/
Speakers:
Shai Perednik - Global Tech Lead - Blockchain www.linkedin.com/in/shaiperednik/
Arindam Chatterji - Senior Solution Architect - US SMB www.linkedin.com/in/arinchat/
Prasad Shetty - Senior Solution Architect - US NE Enterprise www.linkedin.com/in/prasadshetty3/ -
Episodes manquant?
-
In this episode of AWS TechChat, we talk about history of AWS Graviton, difference between ARM and x86, and how to get workloads running on AWS Graviton. We then talk about how to assess your application for ARM compatibility. First understanding the type of application, follow by the features and libraries used, then onto the components of the application like the database.
Resources:
- AWS Graviton Public Page - https://aws.amazon.com/ec2/graviton/
- .NET on ARM - https://aws.amazon.com/blogs/devops/build-and-deploy-net-web-applications-to-arm-powered-aws-graviton-2-amazon-ecs-clusters-using-aws-cdk/
- ARM for Databases: https://aws.amazon.com/blogs/database/key-considerations-in-moving-to-graviton2-for-amazon-rds-and-amazon-aurora-databases/
- Transitioning to ARM Best Practices: https://github.com/aws/aws-graviton-getting-started/blob/main/transition-guide.md
Speakers:
Shai Perednik - Global Tech Lead - Blockchain https://www.linkedin.com/in/shaiperednik/
Matthew Cline - Senior Solutions Architect https://www.linkedin.com/in/matthewbcline/
Muhammad Mansoor - Senior Solutions Architect https://www.linkedin.com/in/mmansoor/ -
In this episode of AWS TechChat, we talk about how leveraging the AWS Cloud Adoption Framework (AWS CAF) can help you accelerate your digital transformation efforts and business outcomes. We highlight the potential value that cloud transformation can bring to organizations, identify some of the key challenges that organizations may face along their journey, and discuss how the AWS CAF can help you overcome those.
We unpack the key components of the AWS CAF, including 4 categories of business outcomes, 4 transformation domains, 6 perspectives, 47 foundational capabilities, and 4 incremental & iterative transformation phases that the AWS CAF recommends.
And finally, we talk about the AWS CAF Envisioning and Alignment workshops and how they can be leveraged to help you identify and prioritize transformation opportunities, assess your organizational cloud readiness, and evolve your transformation roadmap.
Speakers:
• Shai Perednik - (www.linkedin.com/in/shaiperednik/) - Global Tech Lead – Blockchain, AWS
• Dr. Saša Baškarada (www.linkedin.com/in/baskarada/) - Worldwide Lead, AWS Cloud Adoption Framework, AWS
• Jason Turse (www.linkedin.com/in/turse-262/) - Senior Practice Manager, Advisory (Defense), AWS
Resources:
• AWS Cloud Adoption Framework (AWS CAF) eBook https://d1.awsstatic.com/whitepapers/aws-caf-ebook.pdf
• An Overview of the AWS Cloud Adoption Framework https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/welcome.html
• AWS CAF Public Page https://aws.amazon.com/professional-services/CAF/
• AWS CAF Whitepaper - Kindle Edition https://www.amazon.com/dp/B09X9DBL4V/ref=cm_sw_em_r_mt_dp_49MV5ZHXJBAAXRNS4VZ9 -
In this episode of AWS Techchat, we start the show by talking about foundations - an overview of Amazon EventBridge and how it is different from Amazon CloudWatch Events. Then we talk about some of the features such as Archive and Replay Events, Schema Registry, Global Endpoints, and API Destinations.
Finally, we dive into architecture patterns to touch on the need to spend time modeling your logical architecture to get a good foundation for your event-driven architecture and explored event bus topologies and best practices.
Speakers
Shai Perednik - Global Tech Lead - Blockchain
Cheryl Joseph - Solutions Architect, AWS
Stephen Liedig - Principal SA - Serverless, AWS
Resources
*Amazon EventBridge resource policy samples*
https://github.com/aws-samples/amazon-eventbridge-resource-policy-samples
*AWS re:Invent 2020 session*
Building event-driven applications with Amazon EventBridge (https://youtu.be/Wk0FoXTUEjo)
*Introducing global endpoints for Amazon EventBridge*
https://aws.amazon.com/blogs/compute/introducing-global-endpoints-for-amazon-eventbridge/
*ANZ Summit: Design event-driven integrations using Amazon EventBridge (Day 2)*
* AWS Summit regisration (https://aws.amazon.com/events/summits/anz/)
* Agenda at a glance (https://pages.awscloud.com/rs/112-TZM-766/images/AWS-Summit-ANZ-2022-Agenda.pdf)
Blog Post
* Building an event-driven application with Amazon EventBridge (https://aws.amazon.com/blogs/compute/building-an-event-driven-application-with-amazon-eventbridge/) -
In this episode of AWS TechChat, we take a journey into Amazon Elastic Compute Cloud (Amazon EC2) Mac instances. I interview two Amazon EC2 Mac Specialists, Muhammad and Scott, who help us deep dive into the depths of Amazon EC2 and supporting services and features.
We start the show by setting foundations as we talk about the single tenancy model and how that relates to billing. We then discuss the differences between instances and hosts and Amazon Elastic Block Store (Amazon EBS) storage as well as building a CI/CD pipeline with Amazon EC2 MAC for your build servers.
We wrap that all up with some use cases we’ve heard and by looking at where customers should start their Amazon EC2 Mac journey.
Speakers
Shai Perednik - Senior Solutions Architect, AWS
Muhammad Mansoor - Senior Solutions Architect, AWS
Scott Malki - Senior EC2/Graviton Specialist, AWS
AWS Events:
AWS Builders Online Series https://aws.amazon.com/events/builders-online-series/
AWS Innovate – AI/ML Edition https://aws.amazon.com/events/aws-innovate/machine-learning/
AWS Events and Webinars - http://aws.amazon.com/events/
Resources
Use Amazon EC2 Mac Instances to Build & Test macOS, iOS, iPadOS, tvOS, and watchOS Apps https://aws.amazon.com/blogs/aws/new-use-mac-instances-to-build-test-macos-ios-ipados-tvos-and-watchos-apps/ -
In this episode of AWS TechChat, we take a journey into Amazon Managed Blockchain and Amazon Quantum Ledger Database (QLDB). I interview a blockchain specialist - Forrest, who help us deep dive into the depths of blockchain technologies and terminologies.
We start the show by setting foundations, diving into cryptocurrencies, tokenization, and smart contracts before walking through the difference between layer 1, layer 2, and sidechains.
We then pivot the discussion to private and public blockchain, Hyperledger as well as Ethereum. We close out this segment by answering some of the frequently asked questions - “Is there only one blockchain? Why do we need multiple blockchains?”
We also discuss about blockchain versus databases and how to decide between Amazon Managed Blockchain and Amazon QLDB.
Finally, we wrap up the show with some exciting use cases and share how you should start your blockchain journey.
Speakers
Shai Perednik - Sr. Solutions Architect, AWS
Forrest Colyer - Blockchain Specialist Solutions Architect, AWS
AWS Events:
AWS Innovate – Data Edition https://aws.amazon.com/events/aws-innovate/data/
AWS Events and Webinars - http://aws.amazon.com/events/
Customer stories
How Contura Energy built a letter of credit application on Amazon Managed Blockchain https://aws.amazon.com/blogs/database/how-contura-energy-built-a-letter-of-credit-application-on-amazon-managed-blockchain/
Enterprise solutions with blockchain: Use cases from Nestlé, Sony Music, and Workday https://d1.awsstatic.com/events/reinvent/2019/Enterprise_solutions_with_blockchain_Use_cases_from_Nestle_Sony_Music_and_Workday_BLC204.pdf
Nestlé brings supply chain transparency with Amazon Managed Blockchain https://www.youtube.com/watch?v=P6vPvZ0-7dY
Amazon Managed Blockchain Customers https://aws.amazon.com/managed-blockchain/customers/
Resources
Getting started with the Amazon QLDB console https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started.html
Get Started Creating a Hyperledger Fabric Blockchain Network Using Amazon Managed Blockchain https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/managed-blockchain-get-started-tutorial.html
Deploy an Ethereum node on Amazon Managed Blockchain https://aws.amazon.com/blogs/database/deploy-an-ethereum-node-on-amazon-managed-blockchain/
Building a serverless blockchain application with Amazon Managed Blockchain https://aws.amazon.com/blogs/database/building-a-serverless-blockchain-application-with-amazon-managed-blockchain/
Integrate Amazon Managed Blockchain identities with Amazon Cognito https://aws.amazon.com/blogs/database/integrate-amazon-managed-blockchain-identities-with-amazon-cognito/
Tracking activity in Amazon Managed Blockchain with Amazon CloudWatch Logs https://aws.amazon.com/blogs/database/tracking-activity-in-amazon-managed-blockchain-with-amazon-cloudwatch-logs/
Automating Hyperledger Fabric chaincode deployment on Amazon Managed Blockchain using AWS CodePipeline https://aws.amazon.com/blogs/database/automating-hyperledger-fabric-chaincode-deployment-on-amazon-managed-blockchain-using-aws-codepipeline/ -
In this episode of AWS TechChat, we took a journey out the edge, and gave you an in-depth look in to a new product that we have released to market, CloudFront Function. I interviewed 2 special guests from our CloudFront service team, David Brown and Raji Sundararajan who gave me the low down on the major feature release.
We started the show setting down a foundation of what is Edge Computing, how Edge Computing is changing modern architectures and some of the shortcomings customers face with Lambda @ Edge before introducing CloudFront Functions
CloudFront Functions, which is a feature of Amazon CloudFront, enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations.
CloudFront Functions can manipulate the requests and responses that flow through CloudFront, perform basic authentication and authorization, generate HTTP responses at the edge and more.
I then wore that hat of you, our customer and spend the better half of the show in a Q&A session with Raji and David to which we cover patterns, anti patterns, performance, the developer experience and more.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
David Brown - Sr. Product Manager, Cloudfront Service Team
Raji Sundararajan - Software Development Manager, CloudFront Service Team -
In this episode of AWS TechChat, we start with an introduction of containers and explain the many terms we often hear about them.
We then pivot and discuss why the industry is adopting containers, its benefits, and how you can get started by either using your local machine, single board computer, or an Amazon technology. From images through to Docker files, this episode will help you get started on your containers journey.
We dive into orchestration, talk about when to use containers and serverless, and close off the show with containers development tools and show you how you would deploy and manage them in AWS.
We just scratched the surface on the tooling we covered and suggest our listeners take a read through some of the links below:
AWS glossary - AWS General Reference (https://docs.aws.amazon.com/general/latest/gr/glos-chap.html)
Glossary | Docker Documentation (https://docs.docker.com/glossary/)
Container Orchestration
Amazon ECS vs Amazon EKS: making sense of AWS container services | Con... (https://aws.amazon.com/blogs/containers/amazon-ecs-vs-amazon-eks-making-sense-of-aws-container-services/)
Lambda Containers:
New for AWS Lambda – Container Image Support | AWS News Blog (https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/)
CoPilot
Developing an application based on multiple microservices using AWS Co... (https://aws.amazon.com/blogs/containers/developing-an-application-based-on-multiple-microservices-using-the-aws-copilot-and-aws-fargate/)
AWS Copilot is now generally available | Containers (https://aws.amazon.com/blogs/containers/aws-copilot-is-now-generally-available/)
ECS
Amazon ECS developer tools overview - Amazon Elastic Container Service (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-developer-tools.html#developer-tools-dockercli)
Tutorial: Creating a Cluster with an EC2 Task Using the Amazon ECS CLI... (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-cli-tutorial-ec2.html)
EKSCTL
The eksctl command line utility - Amazon EKS (https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html)
MISC
A Docker Tutorial for Beginners (https://docker-curriculum.com/)
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Shai Perednik - Solutions Architect, AWS -
In this episode of AWS TechChat, we close out our four parts of AWS re:Invent 2020 series with an AI/ML special. We cover Amazon Sagemaker, Amazon Kendra, Amazon Elastic MapReduce (EMR), Amazon QuickSight, and some brand new services.
We talk about AWS HealthLake and how it makes sense of health data. AWS customers can use Kendra’s Google Drive connector to ingest and manage content from Google Docs and Google Slides.
We introduce AWS Panorama which will help improve your operations with computer vision at the edge. We continue with a raft of new Amazon SageMaker updates:
• Amazon SageMaker Feature Store - A fully managed repository for machine learning features
• Amazon SageMaker Clarify - Bias Detection and Explainability
• Amazon SageMaker Debugger - Optimize ML models with real-time monitoring of training metrics and system resources
• Amazon SageMaker Model Monitor - Detect drift in model quality, model bias, and feature importance
• Amazon SageMaker Pipelines - First purpose-built CI/CD service for machine learning
• Amazon SageMaker Jumpstart - Simplifies Access to Pre-built Models and Machine Learning Solutions
Before wrapping out, we share two more AI/ML updates - Amazon EMR Studio is the integrated development environment (IDE) for applications written in R, Python, Scala, PySpark, and Jupyter notebooks now gives you the option to deploy on Amazon Elastic Kubernetes Service (EKS). Amazon QuickSight allows you to ask Natural Language Query (NLQ) about your data and get answers in seconds.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Shai Perednik - Solutions Architect, AWS
Pallavi Nargund - Solutions Architect, AWS -
In this episode of TechChat we continue our four part re:Invent 2020 series with this episode covering Customer Engagement, Gaming, IOT and Industry, Marketplace, Misc.., and closed out with Partner Updates.
For Customer Engagement, we talked about:
* Contact Lens now supports real-time contact center analytics to detect customer issues on live calls
* Combine this with Connect Wisdom to pull up call relevant info to the agent in real-time. I love the warranty/support example you gave here ear
* Voice ID provides real-time caller authentication with no changes to the natural call flow and fall back to traditional authentication methods.
* Customer Profiles give you a unified view of your customers
* Connect Tasks makes it easy to prioritize, assign, track, and automate contact center agent tasks
* And if you're in or have call centers Latin America, 10 new price drops for telephony rates and new inbound numbers were announced at ReInvent.
For you gamers or game developers out there:
* GameLifts FlexMatch now works regardless of where developers host their game. So maybe we’ll see more cross-platform multi-player games match players across their game vs just that
In IOT and Industrial topics we covered:
* The new Lookout family of services. First one’s for
* Equipment for detecting abnormal equipment behavior and encouragin predictive maintenance
* Lookout for Vision will ingest images from the product line to he automate quality inspection
* And finally Lookout for Metrics, will help you apply similar anomaly detection to any of your business data and respective metrics.
* If your machinery doesn’t have sensors, then you can leverage Monitron, an end-to-end system you can buy at amazon.com (http://amazon.com/) to detect abnormal equipment behavior.
* And finally Table charts added to IoT SiteWise help tabulate and visualize the latest key operational metrics like equipment properties and other machine data
For Marketplace updates we had:
* You can now purchase Professional Services for third-party software from the Marketplace
* If you’re using the Private Marketplace, you now have API access to automate and scale out your operations and access.
And some general updates we’re going to group together:
* IGMP is now supported in Transit Gateway to easily deploy, manage and scale multicast applications
* Audit Manager helps prep for audits automating collection of data on AWS resources.
* Glue Elastic Views is in Preview for creating materialized views of your data.
* And Elasticsearch Service now supports Glue Elastic Views
* License Manager enhances automated discovery with tag-based search and detection of software uninstalls
* And also provides central management for Entitlements purchased from the Marketplace
* And finally, Service Catalog AppRegistry can be used to define and describe your applications running in AWS
Partner updates:
* Foundational Technical Review Lens now available in the AWS Well-Architected Tool along with SaaS Lens
* SaaS Factory Insights Hub helps providers gain insights with various types of content
* While SaaS Boost will help partners accelerate their solutions into a SaaS offering.
* Introducing the New AWS Travel and Hospitality Competency as well as the
* APN Travel & Hospitality Navigate track for partner in those verticals or looking to enter.
* And Finally AWS Public Safely and Disaster Response Technology Partners are goto partners to help our customers around the world improve organizational capacity to prepare, respond, and recover from emergencies and disasters. -
In this episode of AWS TechChat, we continue with part 2 of our 4 parts of AWS re:Invent 2020 series with this episode covering Application Development, Containers, and Database announcements.
For our developer community, we talk about:
• Using Amazon CodeGuru’s new Security Detectors to help you find and remediate security issues in your code.
• Python support for Amazon CodeGuru (in preview).
• We share another new service, Amazon DevOps Guru (in preview) for measuring and improving an application’s operational performance.
• Amazon Lambda now supports up to 10 GB of memory and 6 vCPU cores and a billing granularity reduction down to 1ms.
• Amazon API Gateway now supports integration with Step Functions StartSyncExecution for HTTP APIs.
• Amazon AppFlow now provides Amazon Connect Customer Profiles connectivity to several cloud applications.
• Amazon AppFlow can provide similar app integrations with those 3rd party apps to HoneyCode.
• For those AWS Amplify users, deploy AWS Fargate containers through the Amplify Command Line Interface (CLI) and you get a new AdminUI to boot that deploys all the underlying bits for you.
• AWS Proton to bridge the gap between platform and development teams.
In containers, we kick it off with Amazon Elastic Kubernetes Service (EKS):
• First, cluster add-ons are managed through the Amazon EKS console, CLI, or API.
• Run Amazon EKS on-premises with Amazon Elastic Kubernetes Service (EKS) Distribution.
• Amazon EKS on AWS Fargate now has built-in logging with Fluent Bit under the hood.
• You can now see all your Kubernetes resources in the Amazon EKS console without needing extra tools.
• Public registries for your container images with Amazon Elastic Container Registry (ECR) public and the Amazon ECR public gallery.
• Use your existing containers as an AWS Lambda package format.
• Amazon Elastic Container Service (ECS) Deployment Circuit Breaker is in preview to stop deployments from getting worse and auto-rollback.
In database, we cover the following announcements:
• Babelfish, not a mythological creature, but a translation layer between Amazon Aurora PostgresSQL and Microsoft SQL.
• V2 of Amazon Aurora Serverless has arrived, considerably faster and scales in a fraction of a second, with scaling so fast it is perfect for those event-driven applications.
• AWS Data Exchange adds revision access rules for governing access.
• Amazon Relational Database Service (RDS) Service Delivery Partners for when you want someone to build, deploy, and manage your Amazon RDS deployments.
• Amazon RDS Cross-Region backups come to Amazon RDS for Oracle
• Share data across Amazon Redshift clusters with data sharing in preview and pull data from partners directly via the Amazon RedShift Console.
• Amazon RedShift Federated query comes to Amazon RDS for MySQL and Amazon Aurora MySQL.
• Amazon Redshift Automatic Table Optimization to keep your data warehouse running in tip-top shape automatically.
• Move Amazon RedShift clusters easily across Availability Zones.
• JSON supports in preview for Amazon RedShift.
• Finally, AQUA (Advanced Query Accelerator) comes to Amazon RedShift (in Preview) as a caching layer to speed up queries.
Stay tuned as we cover all aspects of AWS re:invent 2020 in our coming updates.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Shai Perednik - Solutions Architect, AWS
AWS Events:
AWS re:Invent https://reinvent.awsevents.com/
AWS Innovate AI/ML Edition https://aws.amazon.com/events/aws-innovate/machine-learning/
AWS Builders Online Series On-demand https://aws.amazon.com/events/builders-online-series/
AWS Events and Webinars - http://aws.amazon.com/events/ -
In this episode of TechChat we start our 4 part re:Invent 2020 series with this episode covering all ‘Security’, ‘Network’, ‘Compute’ and ‘Storage’ announcements.
We started reviewing security announcements
* AWS Security Hub (https://aws.amazon.com/security-hub/) can now automatically receive findings from the Kube-bench (https://github.com/aquasecurity/kube-bench).
* AWS Audit Manager is a new service that helps you continuously audit your AWS usage and automates evidence collection to make it easier for you to assess whether your policies, procedures, and activities are operating effectively.
* CloudTrail provides more granular control of data event logging through advanced event selectors
Before pivoting to Network updates
* AWS Transit Gateway Inter-region Peering is Now Available in additional regions which provides you more choice in how you architect your network and software stack.
* AWS Transit Gateway Connect brings SD-WAN connectivity to your VPC
* AWS Global Accelerator launches custom routing allowing you to route multiple users to a specific EC2 destination in a single or multiple AWS Regions by directing them to a unique port on your accelerator
* VPC Reachability Analyzer is here to simplify connectivity testing and troubleshooting, a great win for customers
Compute brings a raft of new instance and instance types
* EC2 Mac instances for macOS
* New instance types (M5zn high frequency and 100Gbps | D3 and D3en, the next generation of dense HDD storage instances | R5b instances featuring 60 Gbps of EBS Bandwidth and 260K IOPS | G4ad instances, powered by AMD Radeon Pro V520 GPUs)
* Local Zones in Boston, Houston, and Miami
* AWS Managed Services supports AWS Outposts
* Amazon Machine Images now support tag-on-create and tag-based access control
And finally to round out the show we discussed storage
* New EBS general purpose volumes, gp3
* EBS io2 volumes now support SAP workloads
* Tiered pricing for input/output operations per second (IOPS) charges for Amazon Elastic Block Store (EBS) io2 volume, reducing the cost of provisioning peak IOPS by 15%
* quadruples per-volume maximum capacity and performance on io2 volume
* S3 Replication adds support for two-way replication
* S3 Bucket Keys reduce the costs of Server-Side Encryption with AWS Key Management Service
* S3 now delivers strong read-after-write consistency automatically for all applications
* S3 Replication adds support for multiple destinations in the same, or different AWS Regions
Stay tuned as we cover all aspects of re:invent 2020 in our coming multi-part re:Invent update
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Shai Perednik - Solutions Architect, AWS -
In this themed episode of AWS TechChat, we are joined by Darko Meshzaros as he helps to navigate all things Infrastructure as Code (IaC) and Configuration Management.
IaC is such an important concept for advancing your IT maturity. In this episode we take a journey around IaC and Configuration Management and talk about some of the core concepts and hopefully demystify many of these topics for you.
We answer the questions on why we use IaC, discuss about elasticity with IaC and share with you the differences between IaC vs. Configuration Management.
Before closing out, we talk through some relevant AWS services such as AWS CloudFormation, AWS Cloud Development Kit (CDK), AWS Serverless Application Model (SAM), Cloud Development Kit for Terraform (cdktf), Cloud Development Kit for Kubernetes (cdk8s) and the AWS OpsWorks family.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, AWS
Darko Meszaros - Senior Developer Advocate, AWS -
In this episode of AWS TechChat, we welcome Shai Perednik to the TechChat team as we perform a tech round-up from September to October of 2020.
We cover a plethora of topics today, we start the show talking about price reductions with AWS IoT Events dropping a mammoth 86%. Amazon Connect - our ever-popular phone system in the cloud decreases telephony costs for outbound calls across six countries in Europe. We introduce a new service - AWS Cost Anomaly Detection which allows you to receive anomaly detection alert notifications with root cause analysis, so you can proactively take actions and minimize unintentional spend.
We then move to compute, more AWS Graviton2 instances are available in more regions. Amazon Relational Database Service (RDS) now has AWS Graviton2-based instances with MySQL and Amazon Aurora. Lastly, the latest generation of burstable, general-purpose Amazon Elastic Compute Cloud (EC2) T4g instances are now available and deliver up to 40% better price performance over T3 instances.
AWS Backup supports application-consistent backups for Windows instances and we also talk about AWS File Gateway performance upgrades. Next, Apache Flink Kinesis consumer now supports Enhanced Fan Out (EFO) and HTTP/2 data retrieval API for Amazon Kinesis Data Streams.
In terms of Virtual Private Server (VPS) workloads, Amazon Lightsail offers an Amazon Machine Images (AMI) like experience with OS blueprints. On the container front, Amazon CloudWatch adds Prometheus support and there are EC2 security groups and customizable service IP ranges for Amazon Elastic Kubernetes Service (EKS).
We then pivot to serverless and database updates, AWS Lambda adds support in the console for AWS Step Functions, making the process of authoring state machines and Lambda functions even easier and with AWS Launch Wizard, you can now easily deploy SQL Server Always On availability groups on Ubuntu Server.
Before we close out, we cover a few networking updates. Amazon CloudFront launch Origin Shield which is another caching layer that collapses requests from Edge Locations and Regional Edge Caches to the closest Regional Edge Cache to the origin, providing an increased cache hit ratio and a reduction of load on the origin. A great feature release if your application has a global audience.
Lastly, we end the show with a development update - Amazon EventBridge now supports Dead Letter Queues (DLQs), which makes event-driven applications more resilient and durable by storing your events in queues when the events can't be delivered, or the target is unavailable.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Shai Perednik - Solutions Architect, AWS -
In this themed episode of AWS TechChat, I am joined by Gabe Hollombe and we look at two relatively new AWS Services - Amazon EventBridge and Amazon AppFlow.
We start the show revisiting a messaging foundation and what are the gaps Amazon EventBridge fills in our product portfolio.
We discuss that Amazon EventBridge is a serverless event bus that makes it easy to connect applications together using data from your own applications, SaaS applications, and AWS services before contrasting Amazon EventBridge to Amazon CloudWatch Events. Then we pivot to Amazon EventBridge Schema Registry which allows you to discover, create, and manage OpenAPI schemas for events on Amazon EventBridge. You can find schemas for existing AWS services, create and upload custom schemas, or generate a schema based on events on an event bus.
Lastly we talk about Amazon AppFlow, an even newer AWS service. Amazon AppFlow allows you to securely transfer data between SaaS applications like Salesforce, Marketo, and Slack with AWS services like Amazon Simple Storage Service (S3) and Amazon Redshift in just a few clicks.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Gabe Hollombe - Principal Developer Advocate, AWS
Resources:
Amazon EventBridge https://aws.amazon.com/eventbridge/
Amazon CloudWatch Events https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
Amazon EventBridge Schema Registry https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-schemas.html
Amazon AppFlow https://aws.amazon.com/appflow/
AWS Events:
AWS Modern Applications Online Series https://aws.amazon.com/events/application/modern-applications/
AWSome Day Online Conference https://aws.amazon.com/events/awsome-day/awsome-day-online/
AWS Data, Databases, and Analytics Online Series https://aws.amazon.com/events/data-analytics-series/
AWS Builders Online Series on-demand http://aws.amazon.com/events/builders-online-series/
AWS Summit Online on-demand - http://aws.amazon.com/events/summits/online
AWS Events and Webinars - http://aws.amazon.com/events/ -
In this episode of AWS TechChat, join us as we perform a tech round-up from July to August of 2020. We start the show with containers, and we talk about AWS Controller for Kubernetes (ACK) which means you can leverage AWS services directly in your Kubernetes applications.
Amazon Elastic Kubernetes Service (EKS) now supports UDP load balancing with the Network Load Balancer (NLB) running on Amazon EKS. AWS Fargate for Amazon EKS is now included in Compute Savings Plans. Amazon Elastic Container Service (ECS) now launches the new Amazon ECS Optimized Inferentia Amazon Machine Image (AMI) making it easier for customers to run Inferentia based containers on Amazon ECS.
Compute wise, Amazon EC2 Inf1 instances featuring AWS Inferentia chips are now available in additional AWS regions and EC2Launch is now at v2 with a range of new features, including renaming of the administrator account. AWS Graviton2 based instances make their way into more AWS regions. They can now be consumed by Amazon EKS, Amazon EKS pods running on AWS Fargate can now mount Amazon Elastic File System (EFS) file systems.
Amazon Braket is now generally available. It provides a development environment for you to explore and build quantum algorithms, test them on quantum circuit simulators, and run them on different quantum hardware technologies.
We then introduce a new Amazon Elastic Block Store (EBS) volume type - Provisioned IOPS SSD (io2) which fits in between io1 and General Purpose SSD (gp2) based volumes. It has 99.999% of durability and up to 64,000 IOPS per EBS volume.
On the development front, AWS Step Functions adds support for string manipulation, new comparison operators, and improved output processing. Amazon API Gateway HTTP APIs adds integration with five AWS services, meaning you no longer need to proxy through code as well as Amazon API Gateway now supports enhanced observability via access logs.
Amazon Lightsail now offers content delivery network (CDN) distributions to accelerate content delivery. Lightsail CDN, which is backed by Amazon CloudFront offers three fixed-price data plans, including an introductory plan that's free for 12 months. Amazon CloudFront adds additional geolocation headers for more granular geotagging, caching, and origin request policies providing more options to control and configure headers, query strings, and cookies that can be used to compute the cache key or forwarded to your origin.
Before closing out, we talk about AWS Glue version 2.0 which has some sizeable changes around functionality, cost, and speed.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Gabe Hollombe - Principal Developer Advocate, AWS -
In this 1 hour-long themed episode of AWS TechChat, join us as we sail to the Edge and demystify many of the core concepts that occur before end-user requests are made.
We start the show setting a foundation of Domain Name System (DNS), why it is important, before talking about Amazon Route 53, a highly available and scalable cloud DNS Service. It is also a full featured DNS service that is API, SDK, and CLI driven.
We then introduce the concept of Content Delivery Networks (CDN), and talk about Amazon CloudFront which speeds up the distribution of your static and dynamic web content. Amazon CloudFront also delivers the content through a worldwide network of data centers called edge locations.
Amazon CloudFront allows you to run AWS Lambda functions at the edge. Lambda@Edge is an extension of AWS Lambda which lets you execute functions and customize the content Amazon CloudFront delivers.
Before closing out, we talk about AWS Global Accelerator, a service that improves the availability and performance of your applications with local or global users. It provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions.
Speakers:
Shane Baldacchino - Edge Specialist Solutions Architect, ANZ, AWS
Dean Samuels - Lead Technologist, ASEAN, AWS
Resources:
Amazon CloudFront - https://aws.amazon.com/cloudfront/
Amazon Route53 - https://aws.amazon.com/route53/
AWS Global Accelerator - https://aws.amazon.com/global-accelerator/
AWS Events:
AWS Builders Online Series http://aws.amazon.com/events/builders-online-series/
AWS Summit Online on-demand - http://aws.amazon.com/events/summits/online
AWS Events and Webinars - http://aws.amazon.com/events/ -
In this Episode of AWS TechChat, Shane and Pete perform a tech round up from May through to June of 2020.
There is now an ability to provide AWS Direct Connect testing. You can now use the Resiliency Toolkit to test the resiliency of the AWS Direct Connect connections. The failover testing feature enables customers to test resiliency by disabling one or more Border Gateway Protocol (BGP) sessions using the AWS Management Console, Command Line Interface, or AWS Direct Connect API.
AWS Shield Advanced now allows proactive engagement from the DDoS Response Team (DRT) when a DDoS event is detected. When you turn on proactive engagement, the DRT will directly contact you if an Amazon Route 53 health check associated with your protected resource becomes unhealthy during an event that's detected by Shield Advanced.
Amazon Redshift now delivers better cold query performance by significantly improving compilation times.
Amazon Aurora PostgreSQL Global Database Supports Managed Recovery Point Objective (RPO).
Tighten Amazon Simple Storage Service (Amazon S3) permissions for your IAM users and roles using access history of Amazon S3 actions.
Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports Apache Kafka version upgrades.
We pivot to share the AWS Transfer family update, you can now use the source IP as an additional factor of authentication.
A raft of Amazon Elastic Compute Cloud (Amazon EC2) updates including the availability of the Graviton 2 based instances.
Finally, we talk about Amazon FSx for Windows File Server now enables you to grow storage and to scale performance on your file systems.
Speakers:
Shane Baldacchino - Solutions Architect, ANZ, AWS
Peter Stanski - Head of Solution Architecture, AWS
Resources:
AWS Direct Connect enables Failover Testing - https://aws.amazon.com/about-aws/whats-new/2020/06/aws-direct-connect-enables-failover-testing/
AWS Shield Advanced now supports proactive response to events - https://aws.amazon.com/about-aws/whats-new/2020/06/aws-shield-advanced-now-supports-proactive-event-response/
Amazon Redshift now delivers better cold query performance by significantly improving compilation times - https://aws.amazon.com/about-aws/whats-new/2020/06/amazon-redshift-now-delivers-better-cold-query-performance/
Now Query for AWS Availability Zones and Local Zones using AWS Systems Manager Parameter Store - https://aws.amazon.com/about-aws/whats-new/2020/05/query-for-aws-availability-zones-local-zones-using-aws-systems-manager-parameter-store/
Tighten S3 permissions for your IAM users and roles using access history of S3 actions - https://aws.amazon.com/about-aws/whats-new/2020/06/tighten-s3-permissions-iam-users-roles-access-history-s3-actions/
Amazon MSK now supports Apache Kafka version upgrades - https://aws.amazon.com/about-aws/whats-new/2020/05/amazon-msk-supports-apache-kafka-version-upgrades/
Announcing the General Availability of Amazon EC2 G4dn Bare Metal Instances - GPU instances with up to 8 NVIDIA T4 GPUs - https://aws.amazon.com/about-aws/whats-new/2020/06/announcing-general-availability-amazon-ec2-g4dn-bare-metal-instances/
Amazon FSx for Windows File Server now enables you to grow storage and to scale performance on your file systems - https://aws.amazon.com/about-aws/whats-new/2020/06/amazon-fsx-for-windows-file-server-now-enables-you-to-grow-storage-scale-performance-on-file-system/
AWS Events:
AWS Data, Databases, and Analytics Online Series on-demand https://aws.amazon.com/events/data-analytics-series/
AWS Summit Online on-demand https://aws.amazon.com/events/summits/online/
AWS Innovate AIML Edition on-demand https://aws.amazon.com/events/aws-innovate/machine-learning/
AWS Builders Online Series on-demand https://aws.amazon.com/events/builders-online-series/
AWS Events and Webinars https://aws.amazon.com/events/ -
In this 1 hour long themed episode of AWS TechChat, I am joined by my container yoda Mitch Beaumont explore everything containers in the world of Kubernetes, or is that Kube or K8?
It is Kubernetes themed affair, we start the show reminiscing about its history, going back, way back looking at where Kubernetes came from and how we arrived at the position we are today and gave an overview of Kubernetes concepts in the forms of Pods, ReplicaSet, Services, Volumes, NameSpaces, ConfigMaps, Secrets, StatefulSets & DaemonSet.
We then speak about CNI (Container Network Interface) and Istio for container networking and service discovery before a bit of a Q&A session on why Kubernetes?
Lastly we talk about Amazon’s Kubernetes offerings in the form of Amazon Elastic Kubernetes Service (EKS), AWS Fargate for EKS and how you can get started on Kubernetes journey.
Speakers:
Shane Baldacchino - Solutions Architect, ANZ, AWS
Mitch Beaumont - Solutions Architect, ANZ, AWS
Resources:
Episode 55 - Container Special https://soundcloud.com/user-684142981/episode-55-container-special
CNI custom networking https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html
Amazon Elastic Kubernetes Service https://aws.amazon.com/eks/
AWS Fargate https://aws.amazon.com/fargate/
AWS Events:
AWS Summit Online on-demand https://aws.amazon.com/events/summits/online/
AWS Innovate AIML Edition on-demand https://aws.amazon.com/events/aws-innovate/machine-learning/
AWS Events and Webinars https://aws.amazon.com/events/ - Montre plus
